Search the Community

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. The CISA advisory [...] The post How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics appeared first on Wallarm. The post How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics appeared first on Security Boulevard. View the full article

Written by: Maddie Stone, Jared Semrau, James Sadowski Combined data from Google’s Threat Analysis Group (TAG) and Mandiant shows 97 zero-day vulnerabilities were exploited in 2023; a big increase over the 62 zero-day vulnerabilities identified in 2022, but still less than 2021's peak of 106 zero-days. This finding comes from the first-ever joint zero-day report by TAG and Mandiant. The report highlights 2023 zero-day trends, with focus on two main categories of vulnerabilities. The first is end user platforms and products such as mobile devices, operating systems, browsers, and other applications. The second is enterprise-focused technologies such as security software and appliances. Key zero-day findings from the report include: Vendors' security investments are working, making certain attacks harder. Attacks increasingly target third-party components, affecting multiple products. Enterprise targeting is rising, with more focus on security software and appliances. Commercial surveillance vendors lead browser and mobile device exploits. People’s Republic of China (PRC) remains the top state-backed exploiter of zero-days. Financially-motivated attacks proportionally decreased. Threat actors are increasingly leveraging zero-days, often for the purposes of evasion and persistence, and we don’t expect this activity to decrease anytime soon. Progress is being made on all fronts, but zero-day vulnerabilities remain a major threat. A Look Back — 2023 Zero-Day Activity at a Glance Barracuda ESG: CVE-2023-2868 Barracuda disclosed in May 2023 that a zero-day vulnerability (CVE-2023-2868) in their Email Security Gateway (ESG) had been actively exploited since as early as October 2022. Mandiant investigated and determined that UNC4841, a suspected Chinese cyber espionage actor, was conducting attacks across multiple regions and sectors as part of an espionage campaign in support of the PRC. Mandiant released a blog post with findings from the initial investigation, a follow-up post with more details as the investigation continued, and a hardening guide. Barracuda also released a detailed advisory with recommendations. VMware ESXi: CVE-2023-20867 Mandiant discovered that UNC3886, a Chinese cyber espionage group, had been exploiting a VMware zero-day vulnerability (CVE-2023-20867) in a continued effort to evade security solutions and remain undiscovered. The investigation shined a big light on UNC3886's deep understanding and technical knowledge of ESXi, vCenter and VMware’s virtualization platform. Mandiant released a blog post detailing UNC3886 activity involving exploitation of this zero-day vulnerability, and also detection, containment and hardening opportunities to better defend against the threat. VMware also released an advisory with recommendations. MOVEit Transfer: CVE-2023-34362 Mandiant observed a critical zero-day vulnerability in Progress Software's MOVEit Transfer file transfer software (CVE-2023-34362) being actively exploited for data theft since as early as May 27, 2023. Mandiant initially attributed the activity to UNC4857, which was later merged into FIN11 based on targeting, infrastructure, certificate and data leak site overlaps. Mandiant released a blog post with details on the activity, as well as a containment and hardening guide to help protect against the threat. Progress released an advisory with details and recommendations. Takeaways Zero-day exploitation has the potential to be high impact and widespread, as evidenced by the three examples shared in this post. Vendors must continue investing in security to reduce risk for their users and customers, and organizations across all industry verticals must remain vigilant. Zero-day attacks that get through defenses can result in significant financial losses, reputational damage, data theft, and more. While zero-day threats are difficult to defend against, a defense in depth approach to security can help reduce potential impact. Organizations should focus on sound security principles such as vulnerability management, network segmentation, least privilege, and attack surface reduction. Additionally, defenders should conduct proactive threat hunting, and follow guidance and recommendations provided by security organizations. Read the report now to learn more about the zero-day landscape in 2023. View the full article

We've talked about how Continuous Integration and Continuous Delivery (CI/CD) tools can be a source of secrets sprawl. While it's not as insecure as leaving them lying around in a publicly accessible file, CI/CD pipelines can be exploited in a number of ways, and I'm going to share a few with you. This article is not exhaustive. GitHub's Security Hardening Guide for GitHub Actions alone is 16 pages long if you try to print it. OWASP's Top 10 CI/CD Security Risks is 38 pages long. Protecting your CI/CD systems is not a trivial task, but it's an important one. To get you started, here's a quick read on five ways attackers can leverage your CI/CD to gain access to additional systems. View the full article

Zero-day exploits use unknown vulnerabilities to infiltrate PCs, networks, mobile phones and IoT devices. For unprepared security teams, these exploits bring financial consequences and long-term risks.View the full article